Vulnerability CVE-2007-3564: Information

Description

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-3564
Published: July 18, 2007
Modified: July 29, 2017

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.curl.haxx.se/docs/adv_20070710.html
  • Patch
  • Vendor Advisory
USN-484-1
  • Patch
24938
    26104
    • Patch
    • Vendor Advisory
    26108
    • Patch
    • Vendor Advisory
    DSA-1333
      2007-0023
        26128
          26231
            ADV-2007-2551
              libcurl-gnutls-weak-security(35479)

                  1. Configuration 1

                    cpe:2.3:a:libcurl:libcurl:7.15.3:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.15.2:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.14:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.14.1:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.15.1:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.15:*:*:*:*:*:*:*
                    cpe:2.3:a:libcurl:libcurl:7.16.3:*:*:*:*:*:*:*
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.4.2
                Back to top